8/6/2019 Conf Graphics Hardware 2006
1/25
Georgia Institute of Technology, Motorola*
A Digital Rights Enabled Graphics Processing System
Weidong Shi*, Hsien-Hsin S. Lee,
Richard M. Yoo, Alexandra Boldyreva
2/25
Why DRM
id co-owner Kevin Cloud:
"this (piracy) is what's killing PC games" but you may literally have more games being played illegitimately than being played legitimately.
It is a very serious problem.
There isn't any magical solution, or else we'd solve it.
3/25
Graphics As Assets
Protect graphics apps by protecting the graphics assets instead of the SW.
Sales of avatars and in-game graphics assets are rising steadily.
$10 million per month in in-game asset sales in Korea alone.
4/25
It is not a trivial task
If security is easy to add,
it is easy to remove.
Never underestimate the hackers (Xbox case).
Graphics DRM
Protect against SW attacks
Protect against simple Radio Shack HW attacks
5/25
SW DRM
Disadvantages: insecure, not tamper proof
Advantages: easy to change, flexible
[Figure labels: 3D apps; mesh, texture, shader; OpenGL/Direct3D; SW DRM; FrameBuffer]
6/25
DRM Design Space
Many design choices for unlocking DRMed contents.
Hackers can always go to the level below to defeat a DRM system.
Typical SW DRM unlocks at App level.
[Figure labels: Real time 3D apps; Graphics API (OpenGL/Direct3D); Device Driver; DRMed Contents; Unlock at App level; Unlock at API level; Unlock at Driver level; Unlock at Device level]
7/25
Our Idea: DRM Enabled GPU
Protect graphics assets with encryption and rights licenses.
Decrypt graphics assets by DRM enabled GPU.
[Figure labels: DRM Enabled GPU; Protected Graphics Assets (mesh, textures, shaders); DRM]
8/25
DRM Enabled GPU
Advantages
Strong security protection, contents decrypted right before consumption
Against SW tampers/attacks (API hijack, graphics file reverse engineering, ...)
High performance (HW decryption vs. SW decryption)
Disadvantages
Less flexible
9/25
Issues
DRM Issues
Graphics API Extension
GPU Design
10/25
GPU with DRM Block
[Figure labels: PCI-Express; Host/Memory Interface; Graphics/Video Memory; GPU Pipeline; Vertex Cache; Texture Cache; Cryptographic Unit; License Processing Unit; Context Information; DRM Block]
11/25
Rights License
Graphics contents or assets are licensed: textures, meshes, shaders.
Graphics contents or assets are encrypted with content keys (symmetric keys).
Encrypted content keys are included in graphics content licenses.
Graphics content licenses are certified and distributed over a variety of means.
Standard DRM license distribution problem (not the focus of this paper).
Distributed on network, storage media, on-demand, pre-distributed, etc.
Only the targeted GPU can extract or use the content keys from the licenses.
12/25
Binding Context
Constraints of binding among vertex data, textures, and shaders
Created based on graphics assets licenses
Security context (protected when stored in exposed storage)
Contains all information for decrypting graphics assets by a GPU
Binding Context
Vertex Attr: Decryption Key, Digest Key
Texture: Decryption Key, Digest Key
Shader: Digest Key
13/25
Why Do We Constrain Graphics Binding?
A malicious shader may disclose vertex data or texture data in pass-through processing (assume no frame buffer encryption).
Texture may be disclosed by binding with quad.
It is not necessary to encrypt shaders.
Use digital digest/MAC to protect shader integrity.
14/25
Graphics API Extension
Encrypted Data Array/Texture Types
Encrypted{234}f, Encrypted_R8G8B8A8, ...
Encrypt collection of vertex attributes or texture tile as a chunk.
Compute a digest or MAC (HMAC) for each encrypted chunk.
Protected Graphics Objects
glVertexAttribPointerEncryptedARB(0, Encrypted4f, GL_FALSE, 0, 0);
glVertexAttribPointerPrivateARB(8, Encrypted2f, GL_FALSE, 0, 0);
15/25
Graphics API Extension
API Extension
GenBindingContext(int size, int* ptr_to_handles)
ConfigBindingContext(int handle, enum type, int graphics_object_handle, unsigned char* license)
type = Encrypted_VERTEX_ATTR0..15
type = PRIVATE_TEXTURE0..7
type = VERTEX_SHADER|FRAGMENT_SHADER|...
graphics_object_handle = handle to vertex, texture, or shader
license = license byte array
EnableBindingContext(int handle)
DisableBindingContext(int handle)
DeleteBindingContext(int handle)
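A small Python model of the binding check that the Binding Context, Why Do We Constrain Graphics Binding? and API Extension slides describe, added here as an illustration and not taken from the talk or from any GPU driver. The class, its method names, the dict-shaped license and the sample handles are assumptions; the slides do not show the license format or the unwrap step.

```python
import hashlib
import hmac

def shader_mac(digest_key: bytes, source: bytes) -> bytes:
    return hmac.new(digest_key, source, hashlib.sha256).digest()  # MAC, not encryption

class DrmGpuModel:
    """Toy model of the binding check; all names and layouts are hypothetical."""
    def __init__(self):
        self.objects, self.contexts = {}, {}  # handle -> bytes, handle -> context

    def gen_binding_context(self) -> int:
        handle = len(self.contexts) + 1
        self.contexts[handle] = {"slots": {}, "enabled": False}
        return handle

    def config_binding_context(self, handle, type_, obj_handle, license_):
        # Assumption: license_ is the already-unwrapped license, as a dict.
        self.contexts[handle]["slots"][type_] = (obj_handle, license_)

    def enable_binding_context(self, handle):
        self.contexts[handle]["enabled"] = True

    def draw_allowed(self, handle, bound) -> bool:
        """Allow a draw only with the licensed objects and an unmodified shader."""
        ctx = self.contexts[handle]
        if not ctx["enabled"]:
            return False
        for type_, (obj_handle, lic) in ctx["slots"].items():
            if bound.get(type_) != obj_handle:
                return False  # protected asset paired with an unlicensed object
            if type_.endswith("_SHADER"):
                mac = shader_mac(lic["digest_key"], self.objects[obj_handle])
                if not hmac.compare_digest(mac, lic["mac"]):
                    return False  # shader bytes changed after licensing
        return True

def demo():  # constructed handles and contents
    gpu, key = DrmGpuModel(), b"constructed-digest-key"
    gpu.objects = {10: b"licensed shader", 11: b"pass-through shader", 20: b"<texture>"}
    ctx = gpu.gen_binding_context()
    lic = {"digest_key": key, "mac": shader_mac(key, gpu.objects[10])}
    gpu.config_binding_context(ctx, "FRAGMENT_SHADER", 10, lic)
    gpu.config_binding_context(ctx, "PRIVATE_TEXTURE0", 20, {})
    gpu.enable_binding_context(ctx)
    good = {"FRAGMENT_SHADER": 10, "PRIVATE_TEXTURE0": 20}
    ok, swapped = gpu.draw_allowed(ctx, good), gpu.draw_allowed(ctx, {**good, "FRAGMENT_SHADER": 11})
    gpu.objects[10] += b" (patched)"
    return ok, swapped, gpu.draw_allowed(ctx, good)
```

demo() returns the decision for the licensed pairing, for the protected texture bound with a different shader, and for the licensed shader after its bytes were changed.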
16/25
17/25
Division of Labor: CPU-GPU Level-of-Detail
[Figure labels: CPU; GPU; Collision detection; Coarse culling; Transformation; Lighting; Animation; Unprotected Graphics Data; Protected Graphics Data]
CPU processes unprotected coarse level graphics data
GPU processes protected fine-grained graphics data
18/25
Fetching Encrypted Texels
[Figure labels: Texture Fetch Unit/Texture Cache; Fetch Address Cal/Translation; Memory Unit; Graphics Memory; Texel Tile Coord, Offset, Padding; AES Engine; Decryption Pad; Encrypted Texel; XOR; Binding Context; Decryption Key]
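The texel fetch path in this figure, together with the per-chunk MAC from the first Graphics API Extension slide, sketched in Python as an added example that is not the authors' hardware design. HMAC-SHA256 truncated to 16 bytes stands in for the AES engine so the block needs only the standard library; the counter-block layout, key values and tile contents are constructed assumptions.

```python
import hashlib
import hmac

BLOCK = 16  # bytes of pad per counter block, the AES block size

def pad_block(key: bytes, tile: tuple, offset: int) -> bytes:
    # Stand-in PRF: truncated HMAC-SHA256 replaces the AES engine here.
    # Counter block = tile coordinate || offset || zero padding (assumed layout).
    ctr = (tile[0].to_bytes(4, "big") + tile[1].to_bytes(4, "big")
           + offset.to_bytes(4, "big") + bytes(4))
    return hmac.new(key, ctr, hashlib.sha256).digest()[:BLOCK]

def xor_tile(key: bytes, tile: tuple, data: bytes) -> bytes:
    # XOR with the pad; the same routine encrypts and decrypts a whole tile.
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        pad = pad_block(key, tile, off // BLOCK)
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], pad))
    return bytes(out)

def protect_tile(dec_key, digest_key, tile, texels):
    """Content-provider side: encrypt one tile as a chunk, then MAC the result."""
    ct = xor_tile(dec_key, tile, texels)
    return ct, hmac.new(digest_key, ct, hashlib.sha256).digest()

def fetch_texel(dec_key, digest_key, tile, ct, tag, index, texel_size=4):
    """GPU side: check the chunk MAC, then decrypt only the requested texel."""
    expected = hmac.new(digest_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tile failed integrity check")
    start = index * texel_size
    blk, within = divmod(start, BLOCK)
    # The pad depends only on key and address, not on the data read from memory.
    pad = pad_block(dec_key, tile, blk)
    enc = ct[start:start + texel_size]
    return bytes(a ^ b for a, b in zip(enc, pad[within:within + texel_size]))

# Constructed sample: one 8x8 RGBA tile (256 bytes) at tile coordinate (3, 5).
DEC_KEY, DIGEST_KEY, TILE = b"constructed-decryption-key", b"constructed-digest-key", (3, 5)
TEXELS = bytes(range(256))
```

Because the pad is derived from the address alone, identical texels stored at two tile coordinates encrypt differently, and a single texel can be recovered without decrypting the rest of the tile.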
19/25
Optional Depth Buffer Protection
[Figure labels: Frame Buffer Operation Unit; Depth Buffer; Depth Decryption Unit; Depth Encryption Unit; Symmetric Key; Context; Z-tile]
Depth buffer key is applied to an application.
20/25
Evaluation
Setting
Apps: Quake3D four demo maps
GPU Simulator: Qsilver
AES unit #: 8 (400K gate x 8)
Decryption Throughput/Latency: 40Gb/ps x 8, 2.5ns per stage x12
HMAC Unit #: 8
HMAC Latency: 74ns
Graphics Memory: GDDR3 latency
21/25
Frame Rate
Frame rate using protected assets / frame rate using regular assets
Small impact on frame rate
[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney and average]
22/25
Decryption Latency vs. Frame Rate
[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney and average; series: 27.5ns Decryption Lat, 40ns Decryption Lat]
23/25
Frame Rate vs. Cache Miss Rate
[Chart: Normalized Frame Rate (%), axis 50 to 100, for q3dm1, q3dm7, q3dm17, q3tourney and average; series: Baseline, Medium Miss Rate, High Miss Rate]
24/25
25/25
Questions